jam-cloud/app/controllers/users_controller.rb

class UsersController < ApplicationController
  before_filter :signed_in_user,
                only: [:index, :edit, :update, :destroy]
  before_filter :correct_user,   only: [:edit, :update]
  before_filter :admin_user,     only: :destroy

  
  def index
    @users = User.paginate(page: params[:page])
  end

  def show
    @user = User.find(params[:id])
  end

  def new
    @user = User.new
  end

  def create
    @user = User.new

    # check recaptcha; if any errors seen, contribute it to the model
    unless verify_recaptcha(:model => @user, :message => "recaptcha")
      render 'new'
      return
    end
    
    @user = UserManager.new.signup(request.remote_ip,
                                    params[:jam_ruby_user][:first_name],
                                    params[:jam_ruby_user][:last_name],
                                    params[:jam_ruby_user][:email],
                                    params[:jam_ruby_user][:password],
                                    params[:jam_ruby_user][:password_confirmation],
                                    params[:jam_ruby_user][:instruments],
                                    params[:jam_ruby_user][:photo_url],
                                    ApplicationHelper.base_uri(request) + "/confirm")

    # check for errors
    if @user.errors.any?
      # render any @user.errors on error
      render 'new'
    else
      # if success, redirect to 'email_sent' page
      flash[:success] = "Please check your email and confirm your signup"
      redirect_to :email_sent
    end
  end

  def email_sent

  end

  def signup_confirm
    @user = UserManager.new.signup_confirm(params[:signup_token])

    unless @user.nil? || @user.errors.any?
      sign_in @user
      redirect_to :client
    end

    # let errors fall through to signup_confirm.html.erb
  end

  def edit
  end

  def update
    if @user.update_attributes(params[:jam_ruby_user])
      flash[:success] = "Profile updated"
      sign_in @user
      redirect_to @user
    else
      render 'edit'
    end
  end

  def destroy
    User.find(params[:id]).destroy
    flash[:success] = "User destroyed."
    redirect_to users_url
  end

  private

    def correct_user
      @user = User.find(params[:id])
      redirect_to(root_url) unless current_user?(@user)
    end

    def admin_user
      redirect_to(root_url) unless current_user.admin?
    end
end